Computer security systems are often used to detect email attacks on computing devices. For example, a computing device may include a computer security system that detects a malicious email accessed by the computing device via the Internet.
Unfortunately, some conventional computer security systems may be unable to determine whether a particular email attack is an isolated incident or part of a targeted email campaign. For example, certain organizations (such as corporations and/or government entities) may operate computing devices that include conventional computer security systems. In this example, those conventional computer security systems may be unable to determine whether malicious emails accessed by the computing devices are part of a comprehensive malicious email campaign targeting these organizations.
Even in the event that certain conventional computer security systems are able to determine that a particular email attack is part of a targeted email campaign, these security systems may be unable to accurately attribute the targeted email campaign to a known threat group. In other words, these security systems may be unable to determine which threat group is responsible for the targeted email campaign. As a result, these security systems may be unable to warn the organizations about the targeted email campaign and/or the responsible threat group in time to deploy any effective countermeasures.
The instant disclosure, therefore, identifies and addresses a need for systems and methods for attributing potentially malicious email campaigns and their corresponding malicious executables to known threat groups.